When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
Legal claims defining the scope of protection, as filed with the USPTO.
1. At least one non-transitory machine readable medium comprising instructions that when executed on a processing system cause the processing system to perform a method comprising: retrieving an encrypted version of a cryptographic key from nonvolatile memory of the processing system to a processing unit of the processing system during a boot process, wherein the nonvolatile memory is not included in a trusted platform module (TPM); using a key stored in nonvolatile storage in the processing unit to decrypt the encrypted version of the cryptographic key; retrieving a predetermined authentication code for software of the processing system; using the cryptographic key to compute a current authentication code for the software before executing any instructions from the software; and determining whether the software should be trusted, based at least in part on a comparison of the predetermined authentication code with the current authentication code.
2. The at least one medium of claim 1, wherein the using the cryptographic key to compute a current authentication code for the software comprises: using the cryptographic key to compute a current hashed message authentication code (HMAC) for the software.
3. The at least one medium of claim 1, wherein the using the cryptographic key to compute a current authentication code for the software comprises: using a key based on the cryptographic key to compute a current hashed message authentication code (HMAC) for the software.
4. The at least one medium of claim 1, wherein the software to be authenticated comprises boot firmware.
5. At least one non-transitory machine readable medium comprising preliminary boot instructions that when executed on a processing system cause the processing system to perform a method comprising: during a boot process, a processing unit of the processing system using a cryptographic processing unit key (PUK), stored in nonvolatile memory of the processing unit, to decrypt an encrypted version of an authentication key; and during the boot process, the processing unit using the authentication key to authenticate (a) a boot firmware image before executing any instructions from the boot firmware image, (b) at least part of a virtual machine monitor (VMM) before executing any instructions from the VMM, and (c) at least part of an operating system (OS) before executing any instructions from the OS.
6. The at least one non-transitory medium of claim 5, wherein (a) the processing unit is configured to serve as a bootstrap processor, (b) the at least one non-transitory medium is configured to serve as non-volatile boot storage for the bootstrap processor, (c) the bootstrap processor is to be coupled to the non-volatile boot storage via a bus, and (d) the bootstrap processor, non-volatile boot storage, and bus are all to be included in a local processing system.
7. A processing system comprising: a processing unit with nonvolatile storage; a cryptographic processing unit key (PUK) stored in the nonvolatile storage; at least one nonvolatile storage component in communication with the processing unit but not included in the processing unit; a candidate code module, which is based on an image derived from related code, in the at least one nonvolatile storage component; and an augmented boot code module, included in the at least one nonvolatile storage component, comprising: an encrypted version of an authentication key; and instructions which, when executed by the processing unit, cause the processing unit to perform operations comprising: executing code from the augmented boot code module before executing code from the candidate code module; using the PUK to decrypt the encrypted version of an authentication key; and using the authentication key to authenticate the candidate code module before executing any instructions from the candidate code module.
8. A processing system according to claim 7, wherein: the at least one nonvolatile storage component comprises nonvolatile memory; and the candidate code module comprises a boot firmware image.
9. A processing system according to claim 7, wherein: the candidate code module comprises at least part of a virtual machine monitor image.
10. A processing system according to claim 7, wherein: the at least one nonvolatile storage component comprises nonvolatile memory and a mass storage device; and the candidate code module resides in the mass storage device.
11. A processing system according to claim 10, wherein: the augmented boot code module resides in the nonvolatile memory.
12. A processing system according to claim 7, wherein the operation of using the authentication key to authenticate the candidate code module comprises: using a key based at least in part on the authentication key to authenticate the candidate code module.
13. A processing system according to claim 7, wherein (a) the PUK is permanently burned into the processing unit, (b) the processing unit couples to the at least one nonvolatile storage component via a bus, and (c) the processing unit, the at least one nonvolatile storage, and the bus are all included in a local processing system but are not all located on a single integrated circuit.
14. An apparatus comprising: a non-transitory machine-accessible medium; and an augmented boot code module in the non-transitory machine-accessible medium but not included in a processing unit, wherein the augmented boot code module comprises: an encrypted version of an authentication key; and preliminary boot instructions to be executed during a boot process by the processing unit that includes nonvolatile storage and a cryptographic processing unit key (PUK) stored in the nonvolatile storage; the preliminary boot instructions comprising instructions which, when executed by the processing unit, cause the processing unit to perform operations comprising: using the PUK to decrypt the encrypted version of the authentication key; and using the authentication key to authenticate a candidate code module before executing any instructions from the candidate code module.
15. An apparatus according to claim 14, wherein the instructions, when executed, cause the processing unit to authenticate a boot firmware image before executing any instructions from the boot firmware image.
16. An apparatus according to claim 14, wherein the instructions, when executed, cause the processing unit to authenticate at least part of a virtual machine monitor (VMM) before executing any instructions from the VMM.
17. An apparatus according to claim 14, wherein the instructions, when executed, cause the processing unit to authenticate at least part of an operating system (OS) before executing any instructions from the OS.
18. An apparatus according to claim 14, wherein the instructions, when executed, cause the processing unit to authenticate a candidate code module residing in at least one of the non-transitory machine-accessible medium and nonvolatile memory.
19. An apparatus according to claim 14, wherein the instructions, when executed, cause the processing unit to authenticate a candidate code module residing in a mass storage device.
20. An apparatus according to claim 14, wherein the operation of using the authentication key to authenticate the candidate code module comprises: using a key based at least in part on the authentication key to authenticate the candidate code module.
21. An apparatus according to claim 14, wherein (a) the instructions, when executed, cause the processing unit to authenticate a boot firmware image before executing any instructions from the boot firmware image, (b) the processing unit is configured to serve as a bootstrap processor, (c) the non-transitory machine-accessible medium is configured to serve as non-volatile boot storage for the bootstrap processor, (d) the bootstrap processor is coupled to the non-volatile boot storage via a bus, and (e) the bootstrap processor, non-volatile boot storage, and bus are all included in a local processing system.
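The flow in the abstract and in claims 3, 5, 7 and 12 (PUK burned into the processing unit unwraps an authentication key stored in external flash; a key derived from that authentication key is used to HMAC each candidate module; the current code is compared with the predetermined one before any instruction of that module runs, in the order firmware, VMM, OS) is modelled below as an added example. It is not code from the patent or its assignee. The patent does not specify a cipher for the "encrypted version of the authentication key" or a derivation for the per-module key, so the following are assumptions of this example: the wrapped key is protected with an HMAC-SHA256 keystream XOR plus an HMAC-SHA256 tag keyed from the PUK, per-module keys are HMAC-SHA256(auth_key, label), and the PUK, authentication key and module images are constructed test values. The functions `provision`, `boot`, `wrap_auth_key`, `unwrap_auth_key` and `authentication_code` are names chosen for this example only.

```python
"""Added example: model of PUK-rooted boot-time module authentication.

Not the patent's code. Cipher/KDF choices below are assumptions of this
example (HMAC-SHA256 keystream + tag for key wrapping, HMAC-SHA256 for
per-module key derivation); the patent leaves them unspecified.
"""
import hashlib
import hmac
import os

# Claim 5 order: firmware, then VMM, then OS. Each is checked before it runs.
BOOT_ORDER = (b"boot_firmware", b"vmm", b"os")


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 used as the PRF for every keyed operation in this example."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def wrap_auth_key(puk: bytes, auth_key: bytes, nonce: bytes) -> bytes:
    """Provisioning side: build the 'encrypted version of the authentication key'
    that sits in external nonvolatile memory next to the augmented boot code.
    Assumed construction: nonce || (auth_key XOR keystream) || tag, keystream and
    tag both derived from the PUK."""
    assert len(auth_key) == 32 and len(nonce) == 16
    keystream = _prf(puk, b"enc", nonce)
    ciphertext = bytes(a ^ b for a, b in zip(auth_key, keystream))
    tag = _prf(puk, b"mac", nonce, ciphertext)
    return nonce + ciphertext + tag  # 16 + 32 + 32 = 80 bytes


def unwrap_auth_key(puk: bytes, blob: bytes) -> bytes:
    """Boot side: recover the authentication key using the PUK. The tag is checked
    in constant time before any plaintext is produced; a wrong PUK or a modified
    blob is rejected rather than yielding garbage that would then 'verify' nothing."""
    if len(blob) != 80:
        raise ValueError("wrapped authentication key has wrong length")
    nonce, ciphertext, tag = blob[:16], blob[16:48], blob[48:80]
    if not hmac.compare_digest(tag, _prf(puk, b"mac", nonce, ciphertext)):
        raise ValueError("wrapped authentication key rejected (wrong PUK or tampered)")
    keystream = _prf(puk, b"enc", nonce)
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


def authentication_code(auth_key: bytes, label: bytes, image: bytes) -> bytes:
    """Claims 3 and 12: the code is an HMAC computed with a key *based on* the
    authentication key. Deriving one key per module label keeps a firmware code
    from being replayed as a VMM or OS code (assumed derivation, see docstring)."""
    module_key = _prf(auth_key, b"module-key:", label)
    return _prf(module_key, image)


def provision(puk: bytes, auth_key: bytes, images: dict) -> dict:
    """What the manufacturer writes into nonvolatile memory outside the processing
    unit: the wrapped authentication key and one predetermined code per module.
    The bare authentication key is never stored there."""
    return {
        "wrapped_auth_key": wrap_auth_key(puk, auth_key, os.urandom(16)),
        "predetermined": {lbl: authentication_code(auth_key, lbl, img)
                          for lbl, img in images.items()},
    }


def boot(puk: bytes, nvram: dict, images: dict) -> list:
    """Augmented boot code path: unwrap with the PUK, then for each candidate
    module compute the current code and compare it with the predetermined one
    before that module would execute. Returns the labels that were cleared to
    run, in order; stops at the first mismatch so nothing after it runs either."""
    auth_key = unwrap_auth_key(puk, nvram["wrapped_auth_key"])
    cleared = []
    for label in BOOT_ORDER:
        current = authentication_code(auth_key, label, images[label])
        if not hmac.compare_digest(nvram["predetermined"][label], current):
            break  # untrusted: do not execute this module or anything after it
        cleared.append(label)
    return cleared


if __name__ == "__main__":
    # Constructed test values standing in for the burned-in PUK, the provisioned
    # authentication key and the three module images.
    puk = hashlib.sha256(b"constructed PUK for the example").digest()
    auth_key = hashlib.sha256(b"constructed authentication key").digest()
    images = {b"boot_firmware": b"FW" * 128, b"vmm": b"VMM" * 128, b"os": b"OS" * 128}
    nvram = provision(puk, auth_key, images)
    print("clean boot cleared:", boot(puk, nvram, images))
    tampered = dict(images)
    tampered[b"vmm"] = b"VMX" + images[b"vmm"][3:]  # one-byte change in the VMM image
    print("tampered VMM cleared:", boot(puk, nvram, tampered))
```

Two points the model makes visible that the claims only imply: the comparison of the predetermined and current codes must be constant time (here `hmac.compare_digest`), otherwise the check leaks how many leading bytes of a forged code are right; and the wrapped key must be integrity-protected as well as confidential, since a blob that decrypts to garbage under an attacker-chosen input would still "verify" modules against codes the attacker also controls. The design also relies on the predetermined codes being writable only by whoever holds the authentication key, which is why that key is only ever present unwrapped inside the processing unit.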
June 25, 2012
September 9, 2014